From 35c8899949cb7c1e3712b9c07e5b0c0a9a701269 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 1 Sep 2008 14:43:00 +1000 Subject: Follow MS-LSAD 3.1.4.7.12 and set defaults when creating a trust. Also check we get the defaults correct with a query in the torture suite. Andrew Bartlett (This used to be commit b55a1b63cc2f7de889f046e975e3414bc5000613) --- source4/rpc_server/lsa/dcesrv_lsa.c | 6 ++++++ source4/torture/rpc/lsa.c | 21 ++++++++++++++++++--- 2 files changed, 24 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index f67b5dee10..923b1e400c 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -672,6 +672,12 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain(struct dcesrv_call_state *dce_cal } samdb_msg_add_string(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "objectClass", "trustedDomain"); + + samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustType", LSA_TRUST_TYPE_DOWNLEVEL); + + samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustAttributes", 0); + + samdb_msg_add_int(trusted_domain_state->policy->sam_ldb, mem_ctx, msg, "trustDirection", LSA_TRUST_DIRECTION_OUTBOUND); trusted_domain_state->trusted_domain_dn = talloc_reference(trusted_domain_state, msg->dn); diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index ec74426ac6..edfc12f9f1 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -2016,7 +2016,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, } else { q.in.trustdom_handle = &trustdom_handle[i]; - q.in.level = LSA_TRUSTED_DOMAIN_INFO_NAME; + q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX; status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q); if (!NT_STATUS_IS_OK(status)) { printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status)); @@ -2024,9 +2024,24 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, } else if (!q.out.info) { ret = false; } else { - if (strcmp(q.out.info->name.netbios_name.string, trustinfo.name.string) != 0) { + if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.name.string) != 0) { printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n", - q.out.info->name.netbios_name.string, trustinfo.name.string); + q.out.info->info_ex.netbios_name.string, trustinfo.name.string); + ret = false; + } + if (q.out.info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) { + printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n", + trust_name, q.out.info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL); + ret = false; + } + if (q.out.info->info_ex.trust_attributes != 0) { + printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n", + trust_name, q.out.info->info_ex.trust_attributes, 0); + ret = false; + } + if (q.out.info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) { + printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n", + trust_name, q.out.info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND); ret = false; } } -- cgit